The FBI has so far been ambivalent about whether or not it will reveal to Apple the method used to access the San Bernardino iPhone, but a Reuters report suggests that the agency may not even know – or have the legal right to disclose it if it does.
The Washington Post reported yesterday that it was freelance hackers, and not Cellebrite, who sold the FBI the tool used to access the phone. But the group may not have revealed the vulnerability on which it was based, and the government process that decides which vulnerabilities to share with companies does not apply in this case …
The company that helped the FBI unlock a San Bernardino shooter’s iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.
The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said.
Normally when the government discovers a vulnerability in a piece of technology, it goes through what’s known as the Vulnerabilities Equities Process – essentially deciding whether the public interest is better served by disclosing the flaw so that it can be fixed, or keeping it secret so that the government can take advantage of it. But that process is not currently triggered when a vulnerability is discovered by someone other than the government.
Rob Knake, who managed the White House process before leaving last year, told Reuters that the FBI was probably told just enough information to confirm the validity of the technique. In a court case, defence lawyers would have the right to question the FBI about that method, but with both San Bernardino shooters dead, there will be no trial in this case.
The anonymous sources cited by Reuters don’t shed any light on whether it was freelance hackers or Cellebrite which provided the tool, stating only that it was ‘supplied by a non-U.S. company’ – which could easily have been formed by freelance hackers to sell their wares.
The whole exercise is, though, looking increasingly certain to have been for nothing. CBS reported yesterday that nothing of “real significance” had been found on the phone.
Photo: iFixit
FTC: We use income earning auto affiliate links. More.
The report I saw was said it was foreign gray hats that sold the exploit to the FBI for a one time fee.
http://viptest.9to5mac.com/2016/04/13/fbi-cellebrite-hackers/
I feel that Apple will be concentrating on security like never before. The secure enclave will be expanded in what resides in it and how it is secured. Encryption will run rampant throughout iOS. I suspect the days of jailbreaking will soon be over. Apple needs the iPhone to be the most secure phone available and be able to prove it.
Then again, Jony will only care that the iPhone is thinner.
If the FBI is not sure how the phone was hacked, that breaks the chain of evidence. They can’t prove the hack didn’t alter the data. Under those circumstances, anything they find would be inadmissible in court.
“In a court case, defence lawyers would have the right to question the FBI about that method, but with both San Bernardino shooters dead, there will be no trial in this case.”
The only time it may matter is if they try to use the information to get a warrant. In that case, the judge may say that he can’t issue a warrant because he’s not sure if the information is correct.
For example, there’s a text on the phone that says “Bob is part of our cell,” and then they try to get a warrant to search Bob’s house.
Here’s what I think: the phone was never unlocked at all. The FBI knew that, win OR lose, their case against Apple was going to set precedent. And they knew they were going to lose that case, which would have set a precedent *against* what they wanted. So rather than go through with the case, lose the case, and lock the door on their future invasions of digital privacy, they flat *lied*, both to save face and to leave that door open so they can try again later.
NO way. You’re telling me that the FBI AND the White House have no idea how this was done? NOPE.
That a foreign entity can break into an iPhone while the US government can’t should be unacceptable.
Has anyone else noticed that the timestamps on this website have been totally screwed up ever since they decided to colorize the Comments section, and no one thought that might be something important enough to fix? Did Jony Ive take over this website?